[PacketFence-users] PacketFence help with authentication in Samba 4
Hi all, I have problem from authentication in Samba 4. MAC Address00:0c:29:75:9d:61 Auth StatusReject Auth Typeeap Auto Registrationno Calling Station ID00:0c:29:75:9d:61 Computer nameN/A EAP TypeMSCHAPv2 Event TypeRadius-Access-Request IP Address Is a Phoneno Node statusN/A DomainSAMBA ProfileN/A Realmsamba.nac Reasonchrooted_mschap: Program returned code (1) and output 'Logon failure (0xc06d)' RoleN/A SourceN/A Stripped User Namenacadmin User namenacad...@samba.nac Unique ID Switch IDN/A Switch MACN/A Switch IP AddressN/A Called Station ID00:16:47:53:3e:08 Connection typeN/A IfIndexN/A NAS identifier NAS IP Address10.190.90.24 NAS Port50008 NAS Port ID NAS Port TypeEthernet RADIUS Source IP Address10.190.90.24 Wi-Fi Network SSID request_time0 RADIUS RequestNAS-Port-Type = Ethernet Service-Type = Framed-User Cisco-NAS-Port = "FastEthernet0/8" Called-Station-Id = "00:16:47:53:3e:08" State = 0x935ca195935bbbfd2e4540e93f543f24 FreeRADIUS-Proxied-To = 127.0.0.1 Realm = "samba.nac" EAP-Type = MSCHAPv2 NAS-IP-Address = 10.190.90.24 Calling-Station-Id = "00:0c:29:75:9d:61" MS-CHAP-User-Name = "nacad...@samba.nac" MS-CHAP-Challenge = 0x5c1c7d80053c06b835a6d60ed493985c PacketFence-Domain = "SAMBA" User-Name = "nacad...@samba.nac" Event-Timestamp = "Apr 11 2018 13:56:46 UTC" EAP-Message = 0x0207004d1a0207004831ce8f7270555af5072eea462eb420f41e00 00ceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e00 6e616361646d696e4073616d62612e6e6163 MS-CHAP2-Response = 0x0761ce8f7270555af5072eea462eb420f41eceed66 e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e Stripped-User-Name = "nacadmin" NAS-Port = 50008 Framed-MTU = 1500 Module-Failure-Message = "chrooted_mschap: Program returned code (1) and output 'Logon failure (0xc06d)'" Module-Failure-Message = "chrooted_mschap: External script says: Logon failure (0xc06d)" Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is incorrect" User-Password = "**" Module-Failure-Message = "Failed retrieving values required to evaluate condition" SQL-User-Name = "nacad...@samba.nac" RADIUS ReplyMS-CHAP-Error = "\007E=691 R=0 C=e8ad3e58bb3c49bc6dd841d883b40c8a V=3 M=Authentication failed" EAP-Message = 0x04070004 Message-Authenticator = 0x Need help please. Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Problem with Samba 4 authentication
Hello everyone, I'm having problem with authentication, using Samba server 4. CLI authentication works. But, using the Cisco 2950 802.1x, does not work according to the logs. chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC --username=nacad...@samba.nac --password='Zaq!2wsx' NT_STATUS_OK: Success (0x0) # radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123 Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134 User-Name = "nacadmin" MS-CHAP-Password = "Zaq!2wsx" NAS-IP-Address = 169.254.0.2 NAS-Port = 0 Message-Authenticator = 0x00 Cleartext-Password = "Zaq!2wsx" MS-CHAP-Challenge = 0xf8d279644d3003f7 MS-CHAP-Response = 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134 User-Name = "nacadmin" MS-CHAP-Password = "Zaq!2wsx" NAS-IP-Address = 169.254.0.2 NAS-Port = 0 Message-Authenticator = 0x00 Cleartext-Password = "Zaq!2wsx" MS-CHAP-Challenge = 0xf8d279644d3003f7 MS-CHAP-Response = 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134 User-Name = "nacadmin" MS-CHAP-Password = "Zaq!2wsx" NAS-IP-Address = 169.254.0.2 NAS-Port = 0 Message-Authenticator = 0x00 Cleartext-Password = "Zaq!2wsx" MS-CHAP-Challenge = 0xf8d279644d3003f7 MS-CHAP-Response = 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f (0) No reply from server for ID 149 socket 3 What could it be? If you can help me. I created a testing environment with VMware ESXi 6.5. # MAC Address00:0c:29:75:9d:61 Auth StatusReject Auth Typeeap Auto Registrationno Calling Station ID00:0c:29:75:9d:61 Computer nameN/A EAP TypeMSCHAPv2 Event TypeRadius-Access-Request IP Address Is a Phoneno Node statusN/A DomainSAMBA ProfileN/A Realmsamba.nac Reasonchrooted_mschap: Program returned code (1) and output 'Logon failure (0xc06d)' RoleN/A SourceN/A Stripped User Namenacadmin User namenacad...@samba.nac Unique ID Switch IDN/A Switch MACN/A Switch IP AddressN/A Called Station ID00:16:47:53:3e:08 Connection typeN/A IfIndexN/A NAS identifier NAS IP Address10.190.90.24 NAS Port50008 NAS Port ID NAS Port TypeEthernet RADIUS Source IP Address10.190.90.24 Wi-Fi Network SSID # request_time0 RADIUS RequestNAS-Port-Type = Ethernet Service-Type = Framed-User Cisco-NAS-Port = "FastEthernet0/8" Called-Station-Id = "00:16:47:53:3e:08" State = 0x935ca195935bbbfd2e4540e93f543f24 FreeRADIUS-Proxied-To = 127.0.0.1 Realm = "samba.nac" EAP-Type = MSCHAPv2 NAS-IP-Address = 10.190.90.24 Calling-Station-Id = "00:0c:29:75:9d:61" MS-CHAP-User-Name = "nacad...@samba.nac" MS-CHAP-Challenge = 0x5c1c7d80053c06b835a6d60ed493985c PacketFence-Domain = "SAMBA" User-Name = "nacad...@samba.nac" Event-Timestamp = "Apr 11 2018 13:56:46 UTC" EAP-Message = 0x0207004d1a0207004831ce8f7270555af5072eea462eb420f41eceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e006e616361646d696e4073616d62612e6e6163 MS-CHAP2-Response = 0x0761ce8f7270555af5072eea462eb420f41eceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e Stripped-User-Name = "nacadmin" NAS-Port = 50008 Framed-MTU = 1500 Module-Failure-Message = "chrooted_mschap: Program returned code (1) and output 'Logon failure (0xc06d)'" Module-Failure-Message = "chrooted_mschap: External script says: Logon failure (0xc06d)" Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is incorrect" User-Password = "**" Module-Failure-Message = "Failed retrieving values required to evaluate condition" SQL-User-Name = "nacad...@samba.nac" RADIUS ReplyMS-CHAP-Error = "\007E=691 R=0 C=e8ad3e58bb3c49bc6dd841d883b40c8a V=3 M=Authentication failed" EAP-Message = 0x04070004 Message-Authenticator = 0x Thank you. Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered.
Re: [PacketFence-users] Problem with Samba 4 authentication
[root@PacketFence-ZEN ~]# chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC --username=administra...@samba.nac --password='Zaq!2wsx' NT_STATUS_OK: Success (0x0) [root@PacketFence-ZEN ~]# raddebug -f /usr/local/pf/var/run/radius.sock -t 3000 radmin: Failed connecting to /usr/local/pf/var/run/radius.sock: No such file or directory Perhaps you need to run the commands:cd /etc/raddb ln -s sites-available/control-socket sites-enabled/control-socket and then re-start the server? Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-04-18 13:23 GMT+01:00 Fabrice Durand via PacketFence-users : > Hello Jeimerson, > > can you run: > > raddebug -f /usr/local/pf/var/run/radius.sock -t 3000 > > and paste the result when you try to connect. > > Regards > > Fabrice > > > > Le 2018-04-12 à 04:56, Jeimerson C. Chaves via PacketFence-users a écrit : >> Hello everyone, I'm having problem with authentication, using Samba server 4. >> >> CLI authentication works. But, using the Cisco 2950 802.1x, does not >> work according to the logs. >> >> >> >> chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC >> --username=nacad...@samba.nac --password='Zaq!2wsx' >> NT_STATUS_OK: Success (0x0) >> >> # >> radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123 >> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134 >> User-Name = "nacadmin" >> MS-CHAP-Password = "Zaq!2wsx" >> NAS-IP-Address = 169.254.0.2 >> NAS-Port = 0 >> Message-Authenticator = 0x00 >> Cleartext-Password = "Zaq!2wsx" >> MS-CHAP-Challenge = 0xf8d279644d3003f7 >> MS-CHAP-Response = >> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f >> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134 >> User-Name = "nacadmin" >> MS-CHAP-Password = "Zaq!2wsx" >> NAS-IP-Address = 169.254.0.2 >> NAS-Port = 0 >> Message-Authenticator = 0x00 >> Cleartext-Password = "Zaq!2wsx" >> MS-CHAP-Challenge = 0xf8d279644d3003f7 >> MS-CHAP-Response = >> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f >> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134 >> User-Name = "nacadmin" >> MS-CHAP-Password = "Zaq!2wsx" >> NAS-IP-Address = 169.254.0.2 >> NAS-Port = 0 >> Message-Authenticator = 0x00 >> Cleartext-Password = "Zaq!2wsx" >> MS-CHAP-Challenge = 0xf8d279644d3003f7 >> MS-CHAP-Response = >> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f >> (0) No reply from server for ID 149 socket 3 >> >> >> What could it be? >> >> If you can help me. >> >> I created a testing environment with VMware ESXi 6.5. >> >> # >> >> >> MAC Address00:0c:29:75:9d:61 >> Auth StatusReject >> Auth Typeeap >> Auto Registrationno >> Calling Station ID00:0c:29:75:9d:61 >> Computer nameN/A >> EAP TypeMSCHAPv2 >> Event TypeRadius-Access-Request >> IP Address >> Is a Phoneno >> Node statusN/A >> DomainSAMBA >> ProfileN/A >> Realmsamba.nac >> Reasonchrooted_mschap: Program returned code (1) and output 'Logon >> failure (0xc06d)' >> RoleN/A >> SourceN/A >> Stripped User Namenacadmin >> User namenacad...@samba.nac >> Unique ID >> >>
Re: [PacketFence-users] Problem with Samba 4 authentication
Hi. [SAMBA.NAC] cache_match=0 read_timeout=10 realms= password=Zaq!2wsx scope=sub binddn=nacad...@samba.nac port=389 description=Teste de Autenticacao write_timeout=5 type=AD basedn=DC=SAMBA,DC=NAC set_access_level_action= email_attribute=mail usernameattribute=sAMAccountName connection_timeout=5 stripped_user_name=yes encryption=starttls host=10.161.16.23 [SAMBA] ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2 ntlm_cache=disabled registration=1 ntlm_cache_expiry=3600 dns_name=SAMBA.NAC dns_servers=10.161.16.23 ou=Computers bind_pass=Zaq!2wsx ntlm_cache_on_connection=disabled bind_dn=Administrator workgroup=SAMBA ntlm_cache_batch_one_at_a_time=disabled sticky_dc=10.161.16.23 ad_server=10.161.16.23 ntlm_cache_batch=disabled server_name=packetfence ## [root@PacketFence-ZEN conf]# chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC --username=administra...@samba.nac --password='Zaq!2wsx' NT_STATUS_OK: Success (0x0) [root@PacketFence-ZEN conf]# raddebug -f /usr/local/pf/var/run/radius.sock -t 3000 radmin: Failed connecting to /usr/local/pf/var/run/radius.sock: No such file or directory Perhaps you need to run the commands:cd /etc/raddb ln -s sites-available/control-socket sites-enabled/control-socket and then re-start the server? [root@PacketFence-ZEN conf]# Tks. Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-04-18 13:23 GMT+01:00 Fabrice Durand via PacketFence-users : > Hello Jeimerson, > > can you run: > > raddebug -f /usr/local/pf/var/run/radius.sock -t 3000 > > and paste the result when you try to connect. > > Regards > > Fabrice > > > > Le 2018-04-12 à 04:56, Jeimerson C. Chaves via PacketFence-users a écrit : >> Hello everyone, I'm having problem with authentication, using Samba server 4. >> >> CLI authentication works. But, using the Cisco 2950 802.1x, does not >> work according to the logs. >> >> >> >> chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC >> --username=nacad...@samba.nac --password='Zaq!2wsx' >> NT_STATUS_OK: Success (0x0) >> >> # >> radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123 >> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134 >> User-Name = "nacadmin" >> MS-CHAP-Password = "Zaq!2wsx" >> NAS-IP-Address = 169.254.0.2 >> NAS-Port = 0 >> Message-Authenticator = 0x00 >> Cleartext-Password = "Zaq!2wsx" >> MS-CHAP-Challenge = 0xf8d279644d3003f7 >> MS-CHAP-Response = >> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f >> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134 >> User-Name = "nacadmin" >> MS-CHAP-Password = "Zaq!2wsx" >> NAS-IP-Address = 169.254.0.2 >> NAS-Port = 0 >> Message-Authenticator = 0x00 >> Cleartext-Password = "Zaq!2wsx" >> MS-CHAP-Challenge = 0xf8d279644d3003f7 >> MS-CHAP-Response = >> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f >> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134 >> User-Name = "nacadmin" >> MS-CHAP-Password = "Zaq!2wsx" >> NAS-IP-Address = 169.254.0.2 >> NAS-Port = 0 >> Message-Authenticator = 0x00 >> Cleartext-Password = "Zaq!2wsx" >> MS-CHAP-Challenge = 0xf8d279644d3003f7 >> MS-CHAP-Response = >> 0x000100
[PacketFence-users] PacketFence 8
Hi, all. In tests with PacketFence 8. i not sucess login. Log May 2 15:48:44 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:[undef]] CLI Access is not permit on this switch 10.190.90.25 (pf::radius::switch_access) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from switch_ip => (10.190.90.25), connection_type => Ethernet-EAP,switch_mac => (00:26:98:96:21:8a), mac => [00:0c:29:75:9d:61], port => 10010, username => "administra...@samba.nac" (pf::radius::authorize) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Could not find any IP phones through discovery protocols for ifIndex 10010 (pf::Switch::getPhonesDPAtIfIndex) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching (pf::authentication::match2) May 2 15:48:48 PacketFence-ZEN pfqueue: pfqueue(4059) INFO: [mac:unknown] undefined source id provided (pf::lookup::person::lookup_person) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/role.pm line 731. (pf::role::_check_bypass) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching (pf::authentication::match2) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478. (pf::role::getRegisteredRole) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in hash element at /usr/local/pf/lib/pf/Switch.pm line 768. (pf::Switch::getVlanByName) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 771. (pf::Switch::getVlanByName) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in conf/switches.conf for the switch 10.190.90.25 (pf::Switch::getVlanByName) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in hash element at /usr/local/pf/lib/pf/Switch.pm line 751. (pf::Switch::getRoleByName) May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 754. (pf::Switch::getRoleByName) May 2 15:48:49 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] violation 133 force-closed for 00:0c:29:75:9d:61 (pf::violation::violation_force_close) May 2 15:48:49 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from switch_ip => (10.190.90.25), connection_type => Ethernet-EAP,switch_mac => (00:26:98:96:21:8a), mac => [00:0c:29:75:9d:61], port => 10010, username => "administra...@samba.nac" (pf::radius::authorize) May 2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Could not find any IP phones through discovery protocols for ifIndex 10010 (pf::Switch::g
Re: [PacketFence-users] Bug PacketFence 8
to 0 (pf::radius::authorize) May 3 08:32:00 PacketFence-ZEN pfqueue: pfqueue(8538) INFO: [mac:unknown] undefined source id provided (pf::lookup::person::lookup_person) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] violation 133 force-closed for 00:0c:29:75:9d:61 (pf::violation::violation_force_close) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 3 08:32:04 PacketFence-ZEN pfipset[2121]: t=2018-05-03T08:32:04+ lvl=info msg="Reloading ipsets" pid=2121 Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-05-02 17:58 GMT+01:00 Fabrice Durand via PacketFence-users : > Can you share authentication.conf (remove sensible information) > > > Le 2018-05-02 à 12:52, Jeimerson C. Chaves via PacketFence-users a écrit : > > Hello, > > I installed PackerFence 8 on my lab, and I can not access the vlans. > As the logs and prints follow. > > Thank you. > > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from > switch_ip => (10.190.90.24), connection_type => > Ethernet-EAP,switch_mac => (00:16:47:53:3e:0c), mac => > [00:0c:29:75:9d:61], port => 12, username => "administra...@samba.nac" > (pf::radius::authorize) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : > 'SAMBA.NAC' for realm 'samba.nac' > (pf::config::util::filter_authentication_sources) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule > class. Defaulting to 'authentication' (pf::authentication::match2) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching > (pf::authentication::match2) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq > at /usr/local/pf/lib/pf/role.pm line 731. > (pf::role::_check_bypass) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : > 'SAMBA.NAC' for realm 'samba.nac' > (pf::config::util::filter_authentication_sources) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching > (pf::authentication::match2) > May 2 16:40:43 PacketFence-ZEN pfqueue: pfqueue(6064) INFO: > [mac:unknown] undefined source id provided > (pf::lookup::person::lookup_person) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in > concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478. > (pf::role::getRegisteredRole) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to > match a role - returning node based role '' > (pf::role::getRegisteredRole) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status: > reg Returned VLAN: (undefined), Role: (undefined) > (pf::role::fetchRoleForNode) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in > hash element at /usr/local/pf/lib/pf/Switch.pm line 768. > (pf::Switch::getVlanByName) > May 2 16
Re: [PacketFence-users] Bug PacketFence 8
Hi, authentication.conf [SAMBA.NAC] cache_match=0 read_timeout=10 realms= password=Zaq!2wsx scope=base binddn=nacad...@samba.nac port=389 description=Teste de Autenticacao write_timeout=5 type=AD basedn=DC=SAMBA,DC=NAC monitor=1 set_access_level_action= email_attribute=mail usernameattribute=sAMAccountName connection_timeout=5 encryption=none host=10.161.16.23 [SAMBA.NAC rule Test] action0=set_role=Normal match=all class=authentication action1=set_access_duration=12h description=Teste [SAMBA.NAC rule VoIP] action0=set_role=voice match=all class=authentication action1=set_access_duration=5D description=VoIP ## switches.conf [10.190.90.24] description=Cisco 2950 group=Cisco_2950 VoIPEnabled=N [10.190.90.25] description=Cisco 2960 group=Cisco_2960 [group Cisco_2950] deauthMethod=SNMP description=Switches Cisco 2950 type=Cisco::Catalyst_2950 VoIPEnabled=Y NormalVlan=20 SNMPPrivPasswordTrap=zaq12wsx SNMPVersionTrap=2c macDetectionVlan=80 isolationVlan=60 radiusSecret=zaq12wsx SNMPVersion=2c SNMPPrivPasswordRead=zaq12wsx SNMPPrivPasswordWrite=zaq12wsx SNMPAuthPasswordWrite=zaq12wsx SNMPAuthPasswordRead=zaq12wsx registrationVlan=70 voiceVlan=100 SNMPAuthPasswordTrap=zaq12wsx [group Cisco_2960] NormalVlan=20 SNMPPrivPasswordTrap=zaq12wsx deauthMethod=SNMP description=Switches Cisco 2956 SNMPVersionTrap=2c type=Cisco::Catalyst_2960 macDetectionVlan=80 VoIPEnabled=Y isolationVlan=60 radiusSecret=zaq12wsx SNMPVersion=2c SNMPPrivPasswordRead=zaq12wsx SNMPPrivPasswordWrite=zaq12wsx SNMPAuthPasswordWrite=zaq12wsx SNMPAuthPasswordRead=zaq12wsx registrationVlan=70 voiceVlan=100 SNMPAuthPasswordTrap=zaq12wsx ## ~ Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-05-02 17:58 GMT+01:00 Fabrice Durand via PacketFence-users : > Can you share authentication.conf (remove sensible information) > > > Le 2018-05-02 à 12:52, Jeimerson C. Chaves via PacketFence-users a écrit : > > Hello, > > I installed PackerFence 8 on my lab, and I can not access the vlans. > As the logs and prints follow. > > Thank you. > > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from > switch_ip => (10.190.90.24), connection_type => > Ethernet-EAP,switch_mac => (00:16:47:53:3e:0c), mac => > [00:0c:29:75:9d:61], port => 12, username => "administra...@samba.nac" > (pf::radius::authorize) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : > 'SAMBA.NAC' for realm 'samba.nac' > (pf::config::util::filter_authentication_sources) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule > class. Defaulting to 'authentication' (pf::authentication::match2) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching > (pf::authentication::match2) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq > at /usr/local/pf/lib/pf/role.pm line 731. > (pf::role::_check_bypass) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : > 'SAMBA.NAC' for realm 'samba.nac' > (pf::config::util::filter_authentication_sources) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching > (pf::authentication::match2) > May 2 16:40:43 PacketFence-ZEN pfqueue: pfqueue(6064) INFO: > [mac:unknown] undefined source id
Re: [PacketFence-users] Problem with Fingerbank Gui
Hi, I was having the same problem, it was missing the DNS record in resolve.conf Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-05-03 7:26 GMT+01:00 Meiser Tobias via PacketFence-users : > Hello, > > we have updated our ZEN to PF 8.0 last week. Since then we are not able to > access Configuration ->Compliance-> Fingerbank Profiling General Settings. > The Gui keeps saying „Error! An error occured while contacting the server. > Please try again later“. > > I don’t know if there is a relation to messages in Packetfence.log > > May 3 07:56:27 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(7189) > ERROR: [mac:xx:xx:xx:xx:xx:xx] Unable to compute Fingerbank device > information for 8c:dc:d4:51:df:93. Device profiling rules relying on it will > not work. (DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception: > DBD::SQLite::db prepare_cached failed: file is encrypted or is not a > database [for Statement "SELECT COUNT( * ) FROM device me WHERE ( name = ? > )"] at /usr/local/pf/lib/fingerbank/Base/CRUD.pm line 433) > (pf::node::fingerbank_info) > > And > > May 3 07:58:08 PacketFence-ZEN pfqueue: pfqueue(12658) ERROR: [mac: > xx:xx:xx:xx:xx:xx] Error handling fingerbank_process : > DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception: DBD::SQLite::db > prepare_cached failed: file is encrypted or is not a database [for Statement > "SELECT COUNT( * ) FROM dhcp_fingerprint me WHERE ( value = ? )"] at > /usr/local/pf/lib/fingerbank/Base/CRUD.pm line 433 > (pf::api::can_fork::notify) > > > Fingerbank.conf: > > [upstream] > api_key=xx > use_https=disabled > > [proxy] > use_proxy=enabled > host=http://XX.XXX.XXX.XXX > port=8080 > verify_ssl=disabled > > > Any Ideas ? > > > Best Regards > > Tobias Meiser > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Bug PacketFence 8
:Source::match) May 3 12:39:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:75:9d:61] Username was defined "administra...@samba.nac" - returning role 'Normal' (pf::role::getRegisteredRole) May 3 12:39:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status: reg Returned VLAN: (undefined), Role: Normal (pf::role::fetchRoleForNode) May 3 12:39:42 PacketFence-ZEN pfqueue: pfqueue(8538) ERROR: [mac:unknown] Unable to locate user 'administra...@samba.nac' (pf::Authentication::Source::LDAPSource::search_attributes_in_subclass) May 3 12:39:42 PacketFence-ZEN pfqueue: pfqueue(8538) INFO: [mac:unknown] Successfully did a person lookup for administra...@samba.nac (pf::lookup::person::lookup_person) May 3 12:39:42 PacketFence-ZEN pfqueue: pfqueue(8538) ERROR: [mac:unknown] Can't use string ("Unable to validate credentials a"...) as a HASH ref while "strict refs" in use at /usr/local/pf/lib/pf/lookup/person.pm line 63. (pf::pfqueue::consumer::redis::process_next_job) May 3 12:39:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:75:9d:61] Switch doesn't support Dynamic VLAN assignment. Setting VLAN with SNMP on (10.190.90.24) ifIndex 12 to 20 (pf::radius::authorize) May 3 12:39:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:75:9d:61] (10.190.90.24) Added VLAN 20 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) May 3 12:39:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:75:9d:61] violation 133 force-closed for 00:0c:29:75:9d:61 (pf::violation::violation_force_close) May 3 12:39:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 3 12:39:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:[undef]] Updating locationlog from accounting request (pf::api::handle_accounting_metadata) Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-05-03 13:37 GMT+01:00 Fabrice Durand via PacketFence-users : > Hello Jeimerson, > > can you try that: > > [SAMBA.NAC] > cache_match=0 > read_timeout=10 > realms= > password=Zaq!2wsx > scope=sub > binddn=nacad...@samba.nac > port=389 > description=Teste de Autenticacao > write_timeout=5 > type=AD > basedn=DC=SAMBA,DC=NAC > monitor=1 > set_access_level_action= > email_attribute=mail > usernameattribute=sAMAccountName > connection_timeout=5 > encryption=none > host=10.161.16.23 > > Regards > Fabrice > > > Le 2018-05-03 à 04:32, Jeimerson C. Chaves via PacketFence-users a écrit : > > Hi, > > > authentication.conf > > [SAMBA.NAC] > cache_match=0 > read_timeout=10 > realms= > password=Zaq!2wsx > scope=base > binddn=nacad...@samba.nac > port=389 > description=Teste de Autenticacao > write_timeout=5 > type=AD > basedn=DC=SAMBA,DC=NAC > monitor=1 > set_access_level_action= > email_attribute=mail > usernameattribute=sAMAccountName > connection_timeout=5 > encryption=none > host=10.161.16.23 > > [SAMBA.NAC rule Test] > action0=set_role=Normal > match=all > class=authentication > action1=set_access_duration=12h > description=Teste > > [SAMBA.NAC rule VoIP] > action0=set_role=voice > match=all > class=authentication > action1=set_access_duration=5D > description=VoIP > > ## > > switches.conf > > [10.190.90.24] > description=Cisco 2950 > group=Cisco_2950 > VoIPEnabled=N > > [10.190.90.25] > description=Cisco 2960 > group=Cisco_2960 > > [group Cisco_2950] > deauthMethod=SNMP > description=Switches Cisco 2950 > type=Cisco::Catalyst_2950 > VoIPEnabled=Y > NormalVlan=20 > SNMPPrivPasswordTrap=zaq12wsx > SNMPVersionTrap=2c > macDetectionVlan=80 > isolationVlan=60 > radiusSec
[PacketFence-users] PF 8 Device in Nodes not ON
Hi there, When we connect a device to a 2950 Cisco Switch, he gets to authenticate and is authorized in the network. In the NODES section it appears as ON (as it should be), but when we move it to a 2960 Cisco Switch, it still authenticates and can connects to the network but it's appearing as OFF. Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] PF 8 Device in Nodes not ON
Hi, Peter, Thank you so much It worked. Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-05-04 0:36 GMT+01:00 Truax, Peter via PacketFence-users : > Jeimerson, > > Try these commands on the 2960. > > aaa accounting network default start-stop group packetfence > aaa accounting identity default start-stop group packetfence > aaa accounting dot1x default start-stop group packetfence > > It worked for me. > > Regards, > > Peter > > -----Original Message- > From: Jeimerson C. Chaves via PacketFence-users > [mailto:packetfence-users@lists.sourceforge.net] > Sent: Thursday, May 3, 2018 8:43 AM > To: packetfence-users@lists.sourceforge.net > Cc: Jeimerson C. Chaves > Subject: [PacketFence-users] PF 8 Device in Nodes not ON > > Hi there, > > When we connect a device to a 2950 Cisco Switch, he gets to authenticate and > is authorized in the network. In the NODES section it appears as ON (as it > should be), but when we move it to a 2960 Cisco Switch, it still > authenticates and can connects to the network but it's appearing as OFF. > > > Com os melhores cumprimentos. > > Jeimerson Chaves > > Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos > com ele transmitidos são confidenciais, podem conter informação privilegiada > e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem > são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha > recebido este e-mail indevidamente, queira informar de imediato o remetente e > proceder à destruição da mensagem e de eventuais cópias. > > Confidentiality Warning: This e-mail and any files transmitted with it are > confidential and may be privileged and are intended solely for the use of the > individual or entity to whom they are addressed. Their contents may not be > altered. lf you are not the intended recipient of this communication please > notify the sender and delete and destroy all copies immediately. > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Unlock Device
May 4 10:42:58 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:42:58 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 10:43:01 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3074) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:43:01 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3074) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 10:43:04 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3403) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:43:04 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3403) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 10:43:07 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3364) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:43:07 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3364) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 10:43:10 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:43:11 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 10:43:14 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:43:14 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 10:43:17 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3074) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:43:17 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3074) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 10:43:20 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3403) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:43:20 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3403) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 10:43:23 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3364) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:43:24 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3364) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 10:43:27 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:43:27 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 10:43:30 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:43:30 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 10:43:33 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3074) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:43:33 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3074) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 10:43:36 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:43:36 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 10:43:36 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3403) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 10:43:36 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3364) INFO: [
Re: [PacketFence-users] Unlock Device
May 4 11:04:08 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 11:04:11 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 11:04:11 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] User default has authenticated on the portal. (Class::MOP::Class:::after) May 4 11:04:11 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] Reevaluating access of device. (captiveportal::PacketFence::DynamicRouting::Module::Root::unknown_state) May 4 11:04:11 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] re-evaluating access (manage_register called) (pf::enforcement::reevaluate_access) May 4 11:04:11 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] VLAN reassignment is forced. (pf::enforcement::_should_we_reassign_vlan) May 4 11:04:11 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] switch port is (10.190.90.25) ifIndex 10014 connection type: Wired MAC Auth (pf::enforcement::_vlan_reevaluation) May 4 11:04:12 PacketFence-ZEN pfqueue: pfqueue(3471) WARN: [mac:00:0c:29:75:9d:61] Until CoA is implemented we will bounce the port on VLAN re-assignment traps for MAC-Auth (pf::Switch::handleReAssignVlanTrapForWiredMacAuth) May 4 11:04:21 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) INFO: [mac:00:04:f2:1e:b7:9e] Updating locationlog from accounting request (pf::api::handle_accounting_metadata) May 4 11:04:27 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from switch_ip => (10.190.90.25), connection_type => WIRED_MAC_AUTH,switch_mac => (00:26:98:96:21:8e), mac => [00:0c:29:75:9d:61], port => 10014, username => "000c29759d61" (pf::radius::authorize) May 4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/role.pm line 731. (pf::role::_check_bypass) May 4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) INFO: [mac:00:0c:29:75:9d:61] Connection type is WIRED_MAC_AUTH. Getting role from node_info (pf::role::getRegisteredRole) May 4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478. (pf::role::getRegisteredRole) May 4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole) May 4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) INFO: [mac:00:0c:29:75:9d:61] PID: "default", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode) May 4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in hash element at /usr/local/pf/lib/pf/Switch.pm line 768. (pf::Switch::getVlanByName) May 4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 771. (pf::Switch::getVlanByName) May 4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in conf/switches.conf for the switch 10.190.90.25 (pf::Switch::getVlanByName) May 4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in hash element at /usr/local/pf/lib/pf/Switch.pm line 751. (pf::Switch::getRoleByName) May 4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 754. (pf::Switch::getRoleByName) May 4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) INFO: [mac:00:0c:29:75:9d:61] violation 133 force-closed for 00:0c:29:75:9d:61 (pf::violation::violation_force_close) May 4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 11:04:32 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::
[PacketFence-users] Unlock Device
Hello I'm having trouble with a machine, even after 1 or 2 minutes, the device is not released. Where can I make this release. Thank you. Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Devices Registration
Hello, The Roles are not appearing for the choice. In Devices. As shown in the picture. Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Cluster
# Cluster configuration file for active/active # This file will have it deactivated by default # To activate the active/active mode, set a management IP in the cluster section # Before doing any changes to this file, read the documentation [CLUSTER] management_ip=10.161.16.20 [CLUSTER interface eth0] ip=10.161.16.20 [CLUSTER interface eth3] ip=10.70.70.20 [CLUSTER interface eth4] ip=10.60.60.20 [packetfence1] management_ip=10.161.16.25 [packetfence1 interface eth0] ip=10.161.16.25 [packetfence1 interface eth3] ip=10.70.70.25 [packetfence1 interface eth4] ip=10.60.60.25 [packetfence2] management_ip=10.161.16.26 [packetfence2 interface eth0] ip=10.161.16.26 [packetfence2 interface eth3] ip=10.70.70.26 [packetfence2 interface eth4] ip=10.60.60.26 #3 [general] # # general.domain # # Domain name of PacketFence system. domain=samba.nac # # general.hostname # # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients. hostname=packetfence1 # # general.dhcpservers # # Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even "trapped" nodes. dhcpservers=127.0.0.1,10.161.16.21 [alerting] # # alerting.emailaddr # # Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other # PacketFence-related message goes to. emailaddr=far.pere...@campus.fct.unl.pt [database] host=localhost # # database.pass # # Password for the mysql database used by PacketFence. Changing this parameter after the initial configuration will *not* change it in the database it self, only in the configuration. pass=zaq12wsx [active_active] # Change these 2 values by the credentials you've set when configuring MariaDB above galera_replication_username=pfcluster galera_replication_password=zaq12wsx [webservices] user=packet pass=fence [advanced] # # advanced.hash_passwords # # The algorithm to use to hash the passwords in the local database. hash_passwords=ntlm # alerting.emailaddr # # Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other # PacketFence-related message goes to. emailaddr= [database] host=localhost # # database.pass # # Password for the mysql database used by PacketFence. Changing this parameter after the initial configuration will *not* change it in the database it self, only in the configuration. pass=zaq12wsx [active_active] # Change these 2 values by the credentials you've set when configuring MariaDB above galera_replication_username=pfcluster galera_replication_password=zaq12wsx [webservices] user=packet pass=fence [advanced] # # advanced.hash_passwords # # The algorithm to use to hash the passwords in the local database. hash_passwords=ntlm [interface eth0] ip=10.161.16.25 type=management,portal,radius,high-availability vip=10.161.16.20 mask=255.255.255.0 [interface eth3] enforcement=vlan ip=10.70.70.25 type=internal vip=10.70.70.20 mask=255.255.255.0 [interface eth4] enforcement=vlan ip=10.60.60.25 type=internal vip=10.60.60.20 mask=255.255.255.0 Tnks Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. Em 11 de maio de 2018 11:02, Jeimerson C. Chaves escreveu: > Hello, ALL, > > In cluster address ip management local not start port 1443. > > Follow the manual, where can I be wrong? > > Com os melhores cumprimentos. > > Jeimerson Chaves > > Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros > informáticos com ele transmitidos são confidenciais, podem conter > informação privilegiada e destinam-se ao conhecimento e uso exclusivo > da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos > mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, > queira informar de imediato o remetente e proceder à destruição da > mensagem e de eventuais cópias. > > Confidentiality Warning: This e-mail and any files transmitted with it > are confidential and may be privileged and are intended solely for the > use of the individual or entity to whom they are addressed. Their > contents may not be altered. lf you are not the in
[PacketFence-users] Cluster
Hello, ALL, In cluster address ip management local not start port 1443. Follow the manual, where can I be wrong? Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Cluster PF 8.0.1
Hello, I am configuring the Cluster, as it appears in how to, but, after configuring mysql, it restarts and does not run anymore. Well, you're trying to run on the VIP IP. Follow log. May 16 08:25:57 pfence01 mysqld_safe: mysqld from pid file /var/lib/mysql/pfence01.pid ended May 16 08:25:58 pfence01 mysqld_safe: Starting mysqld daemon with databases from /var/lib/mysql May 16 08:25:58 pfence01 mysqld: 2018-05-16 8:25:58 139707954952448 [Warning] 'THREAD_CONCURRENCY' is deprecated and will be removed in a future release. May 16 08:25:58 pfence01 mysqld: 2018-05-16 8:25:58 139707954952448 [Note] /usr/sbin/mysqld (mysqld 10.1.21-MariaDB) starting as process 5868 ... May 16 08:25:58 pfence01 mysqld: 2018-05-16 08:25:58 7f104b06f900 InnoDB: Warning: Using innodb_additional_mem_pool_size is DEPRECATED. This option may be removed in future releases, together with the option innodb_use_sys_malloc and with the InnoDB's internal memory allocator. May 16 08:25:58 pfence01 mysqld: 2018-05-16 8:25:58 139707954952448 [Note] InnoDB: Using mutexes to ref count buffer pool pages May 16 08:25:58 pfence01 mysqld: 2018-05-16 8:25:58 139707954952448 [Note] InnoDB: The InnoDB memory heap is disabled May 16 08:25:58 pfence01 mysqld: 2018-05-16 8:25:58 139707954952448 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins May 16 08:25:58 pfence01 mysqld: 2018-05-16 8:25:58 139707954952448 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier May 16 08:25:58 pfence01 mysqld: 2018-05-16 8:25:58 139707954952448 [Note] InnoDB: Compressed tables use zlib 1.2.7 May 16 08:25:58 pfence01 mysqld: 2018-05-16 8:25:58 139707954952448 [Note] InnoDB: Using Linux native AIO May 16 08:25:58 pfence01 mysqld: 2018-05-16 8:25:58 139707954952448 [Note] InnoDB: Using generic crc32 instructions May 16 08:25:58 pfence01 mysqld: 2018-05-16 8:25:58 139707954952448 [Note] InnoDB: Initializing buffer pool, size = 500.0M May 16 08:25:59 pfence01 mysqld: 2018-05-16 8:25:58 139707954952448 [Note] InnoDB: Completed initialization of buffer pool May 16 08:25:59 pfence01 mysqld: 2018-05-16 8:25:59 139707954952448 [Note] InnoDB: Highest supported file format is Barracuda. May 16 08:25:59 pfence01 mysqld: 2018-05-16 8:25:59 139707954952448 [Note] InnoDB: 128 rollback segment(s) are active. May 16 08:25:59 pfence01 mysqld: 2018-05-16 8:25:59 139707954952448 [Note] InnoDB: Waiting for purge to start May 16 08:25:59 pfence01 mysqld: 2018-05-16 8:25:59 139707954952448 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.34-79.1 started; log sequence number 2188830 May 16 08:25:59 pfence01 mysqld: 2018-05-16 8:25:59 139706826196736 [Note] InnoDB: Dumping buffer pool(s) not yet started May 16 08:25:59 pfence01 mysqld: 2018-05-16 8:25:59 139707954952448 [Note] Plugin 'FEEDBACK' is disabled. May 16 08:25:59 pfence01 mysqld: 2018-05-16 8:25:59 139707954952448 [Note] Server socket created on IP: '10.161.16.20'. May 16 08:25:59 pfence01 mysqld: 2018-05-16 8:25:59 139707954952448 [ERROR] Can't start server: Bind on TCP/IP port. Got error: 99: Cannot assign requested address May 16 08:25:59 pfence01 mysqld: 2018-05-16 8:25:59 139707954952448 [ERROR] Do you already have another mysqld server running on port: 3306 ? May 16 08:25:59 pfence01 mysqld: 2018-05-16 8:25:59 139707954952448 [ERROR] Aborting May 16 08:25:59 pfence01 mysqld: ^C [root@pfence01 ~]# tailf /usr/local/pf/logs/packetfence.log May 16 08:24:57 pfence01 packetfence: FATAL -e(647): unable to connect to database: Access denied for user 'pf'@'localhost' (using password: YES) at -e line 1. (pf::db::db_connect) May 16 08:24:59 pfence01 packetfence: WARN -e(647): Problem trying to run command: LANG=C sudo /sbin/iptables -S | grep input-management-if called from manager::iptables::isAlive. Child exited with non-zero value 1 (pf::util::pf_run) May 16 08:25:00 pfence01 packetfence: WARN -e(647): Problem trying to run command: LANG=C sudo /sbin/iptables -S | grep input-management-if called from manager::iptables::isAlive. Child exited with non-zero value 1 (pf::util::pf_run) May 16 08:25:00 pfence01 packetfence: INFO -e(647): saving existing iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save) May 16 08:25:00 pfence01 packetfence: WARN -e(647): We are using IPSET (pf::ipset::iptables_generate) May 16 08:25:00 pfence01 packetfence: INFO -e(647): flushing iptables (pf::ipset::iptables_flush_mangle) May 16 08:25:01 pfence01 packetfence: INFO -e(647): Adding Forward rules to allow connections to the OAuth2 Providers and passthrough. (pf::iptables::generate_passthrough_rules) May 16 08:25:01 pfence01 packetfence: INFO -e(647): Adding NAT Masquerade statement. (pf::iptables::generate_passthrough_rules) May 16 08:25:01 pfence01 packetfence: INFO -e(647): restoring iptables from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore) Tks. Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisque
Re: [PacketFence-users] Network Devices lost
Have in pf.conf End lost in eth4. Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-05-17 12:20 GMT+01:00 Jeimerson C. Chaves : > Hello, > > Again, I am disturbing, but when configuring the registration > interface, it disappears, as it can be verified. > Thank you. > > > Com os melhores cumprimentos. > > Jeimerson Chaves > > Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros > informáticos com ele transmitidos são confidenciais, podem conter > informação privilegiada e destinam-se ao conhecimento e uso exclusivo > da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos > mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, > queira informar de imediato o remetente e proceder à destruição da > mensagem e de eventuais cópias. > > Confidentiality Warning: This e-mail and any files transmitted with it > are confidential and may be privileged and are intended solely for the > use of the individual or entity to whom they are addressed. Their > contents may not be altered. lf you are not the intended recipient of > this communication please notify the sender and delete and destroy all > copies immediately. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Cluster PF 8.0.1
Hello Fabrice, In the how to, my interpretation is that we have to define VIP for every single interface. In order to create a new cluster, you need to configure /usr/local/pf/conf/cluster.conf on the first server of your cluster. You will need to configure it with your server hostname. To get it use : hostname in a command line. In the case of this example it will be pf1.example.com. The CLUSTER section represents the virtual IP addresses of your cluster that will be shared by your servers. In this example, eth0 is the management interface, eth1.2 is the registration interface and eth1.3 is the isolation interface. On the first server, create a configuration similar to this : [CLUSTER] management_ip=192.168.1.10 [CLUSTER interface eth0] ip=192.168.1.10 [CLUSTER interface eth1.2] ip=192.168.2.10 [CLUSTER interface eth1.3] ip=192.168.3.10 [pf1.example.com] management_ip=192.168.1.5 [pf1.example.com interface eth0] ip=192.168.1.5 [pf1.example.com interface eth1.2] ip=192.168.2.5 [pf1.example.com interface eth1.3] ip=192.168.3.5 [pf2.example.com] management_ip=192.168.1.6 [pf2.example.com interface eth0] ip=192.168.1.6 [pf2.example.com interface eth1.2] ip=192.168.2.6 [pf2.example.com interface eth1.3] ip=192.168.3.6 [pf3.example.com] management_ip=192.168.1.7 [pf3.example.com interface eth0] ip=192.168.1.7 [pf3.example.com interface eth1.2] ip=192.168.2.7 [pf3.example.com interface eth1.3] ip=192.168.3.7 Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-05-17 13:39 GMT+01:00 Fabrice Durand via PacketFence-users : > Hello Jeimerson, > > follow exactly what you have in > https://packetfence.org/doc/PacketFence_Clustering_Guide.html . > > A quick look show me that you defined VIP on each interfaces, it's only use > when you do a cluster of 2 with corosync and pacemaker. > > So follow the documentation and it should be good. > > Regards > > Fabrice > > > > Le 2018-05-17 à 06:08, Jeimerson C. Chaves via PacketFence-users a écrit : > > Hi, Fabrice, > > Hello, I'm redoing the how to, for the fifteenth time, > As you can see in the screenscreens, you can see that Mysql runs in the IP > VIP. > It only ran after I made the change in the configuration file. > I am using VMware ESXi for the lab. > The in port services 1443 and 9090 do not run in the IP of the > management, only ip VIP. > > Thank you in advance. > > > pf.conf > > # Hostname of PacketFence system. This is concatenated with the > domain in Apache rewriting rules and therefore must be resolvable by > clients. > hostname=pfence001 > # > # general.dhcpservers > # > # Comma-delimited list of DHCP servers. Passthroughs are created to > allow DHCP transactions from even "trapped" nodes. > dhcpservers=127.0.0.1,10.161.16.21 > > [alerting] > # > # alerting.emailaddr > # > # Email address to which notifications of rogue DHCP servers, > violations with an action of "email", or any other > # PacketFence-related message goes to. > emailaddr=pfence@localhost > > [database] > # > # database.pass > # > # Password for the mysql database used by PacketFence. Changing this > parameter after the initial configuration will *not* change it in the > database it self, only in the configuration. > pass=zaq12wsx > > [advanced] > # > # advanced.hash_passwords > # > # The algorithm to use to hash the passwords in the local database. > hash_passwords=ntlm > > [interface eth0] > ip=10.161.16.28 > type=management,portal,radius,high-availability > vip=10.60.60.20 > mask=255.255.255.0 > > [interface eth3] > enforcement=vlan > ip=10.60.60.28 > type=internal > vip=10.60.60.20 > mask=255.255.255.0 > > [interface eth4] > enforcement=vlan > ip=10.70.70.28 > type=internal > vip=10.70.70.20 > mask=255.255.255.0 > > ### > > log mariadb_error > > > May 17 09:51:30 pfence01 mysqld: > May 17 09:51:33 pfence01 mysqld_safe: mysqld from pid f
Re: [PacketFence-users] Cluster PF 8.0.1
So VIP address is only for the management interface correct? Do we have to point to that VIP address in the other managements interface? Something like this: eth0 in pfence01: IP: 10.160.26.28 VIP: 10.160.26.20 eth0 in pfence02: IP: 10.160.26.29 VIP: 10.160.26.20 eth0 in pfence03: IP: 10.160.26.30 VIP: 10.160.26.20 Kind Regards Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-05-17 14:31 GMT+01:00 Fabrice Durand via PacketFence-users : > > > Le 2018-05-17 à 09:09, Jeimerson C. Chaves via PacketFence-users a écrit : >> >> Hello Fabrice, >> >> In the how to, my interpretation is that we have to define VIP for >> every single interface. > > It's written nowhere in the documentation and this is probably why you can't > start mysql, so remove all the vip parameter you have in pf.conf and do a > "pfcmd configreload hard" > The cluster.conf looks good. > > Regards > Fabrice > > >> >> >> In order to create a new cluster, you need to configure >> /usr/local/pf/conf/cluster.conf on the first server of your cluster. >> >> You will need to configure it with your server hostname. To get it use >> : hostname in a command line. >> >> In the case of this example it will be pf1.example.com. >> >> The CLUSTER section represents the virtual IP addresses of your >> cluster that will be shared by your servers. >> >> In this example, eth0 is the management interface, eth1.2 is the >> registration interface and eth1.3 is the isolation interface. >> >> On the first server, create a configuration similar to this : >> >> [CLUSTER] >> management_ip=192.168.1.10 >> >> [CLUSTER interface eth0] >> ip=192.168.1.10 >> >> [CLUSTER interface eth1.2] >> ip=192.168.2.10 >> >> [CLUSTER interface eth1.3] >> ip=192.168.3.10 >> >> [pf1.example.com] >> management_ip=192.168.1.5 >> >> [pf1.example.com interface eth0] >> ip=192.168.1.5 >> >> [pf1.example.com interface eth1.2] >> ip=192.168.2.5 >> >> [pf1.example.com interface eth1.3] >> ip=192.168.3.5 >> >> [pf2.example.com] >> management_ip=192.168.1.6 >> >> [pf2.example.com interface eth0] >> ip=192.168.1.6 >> >> [pf2.example.com interface eth1.2] >> ip=192.168.2.6 >> >> [pf2.example.com interface eth1.3] >> ip=192.168.3.6 >> >> [pf3.example.com] >> management_ip=192.168.1.7 >> >> [pf3.example.com interface eth0] >> ip=192.168.1.7 >> >> [pf3.example.com interface eth1.2] >> ip=192.168.2.7 >> >> [pf3.example.com interface eth1.3] >> ip=192.168.3.7 >> Com os melhores cumprimentos. >> >> Jeimerson Chaves >> >> Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros >> informáticos com ele transmitidos são confidenciais, podem conter >> informação privilegiada e destinam-se ao conhecimento e uso exclusivo >> da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos >> mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, >> queira informar de imediato o remetente e proceder à destruição da >> mensagem e de eventuais cópias. >> >> Confidentiality Warning: This e-mail and any files transmitted with it >> are confidential and may be privileged and are intended solely for the >> use of the individual or entity to whom they are addressed. Their >> contents may not be altered. lf you are not the intended recipient of >> this communication please notify the sender and delete and destroy all >> copies immediately. >> >> >> >> >> 2018-05-17 13:39 GMT+01:00 Fabrice Durand via PacketFence-users >> : >>> >>> Hello Jeimerson, >>> >>> follow exactly what you have in >>> https://packetfence.org/doc/PacketFence_Clustering_
[PacketFence-users] Restore database pf 8.0.1
Hello, How can I do a backup of the database and the files? What are in / root / backup I'm using clustered. Thank you very much. Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Restore database pf 8.0.1
Hello, Fabrice. End restore? Don't have script? Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-05-23 16:18 GMT+01:00 Fabrice Durand via PacketFence-users : > The cronjob run a script to have the database and the files backuped in > /root/backup > > addons/database-backup-and-maintenance.sh > > Regards > > Fabrice > > > > > Le 2018-05-23 à 11:01, Jeimerson C. Chaves via PacketFence-users a écrit : >> >> Hello, >> >> How can I do a backup of the database and the files? What are in / root / >> backup >> I'm using clustered. >> >> Thank you very much. >> >> >> Com os melhores cumprimentos. >> >> Jeimerson Chaves >> >> Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros >> informáticos com ele transmitidos são confidenciais, podem conter >> informação privilegiada e destinam-se ao conhecimento e uso exclusivo >> da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos >> mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, >> queira informar de imediato o remetente e proceder à destruição da >> mensagem e de eventuais cópias. >> >> Confidentiality Warning: This e-mail and any files transmitted with it >> are confidential and may be privileged and are intended solely for the >> use of the individual or entity to whom they are addressed. Their >> contents may not be altered. lf you are not the intended recipient of >> this communication please notify the sender and delete and destroy all >> copies immediately. >> >> >> -- >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> ___ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > -- > Fabrice Durand > fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Restore database pf 8.0.1
Tks, is The best!!! Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-05-23 16:48 GMT+01:00 Fabrice Durand via PacketFence-users : > There is a doc: > https://packetfence.org/doc/PacketFence_Installation_Guide.html#_restoring_a_percona_xtrabackup_dump > > > > Le 2018-05-23 à 11:44, Jeimerson C. Chaves via PacketFence-users a écrit : >> >> Hello, Fabrice. >> >> End restore? Don't have script? >> Com os melhores cumprimentos. >> >> Jeimerson Chaves >> >> Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros >> informáticos com ele transmitidos são confidenciais, podem conter >> informação privilegiada e destinam-se ao conhecimento e uso exclusivo >> da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos >> mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, >> queira informar de imediato o remetente e proceder à destruição da >> mensagem e de eventuais cópias. >> >> Confidentiality Warning: This e-mail and any files transmitted with it >> are confidential and may be privileged and are intended solely for the >> use of the individual or entity to whom they are addressed. Their >> contents may not be altered. lf you are not the intended recipient of >> this communication please notify the sender and delete and destroy all >> copies immediately. >> >> >> >> >> 2018-05-23 16:18 GMT+01:00 Fabrice Durand via PacketFence-users >> : >>> >>> The cronjob run a script to have the database and the files backuped in >>> /root/backup >>> >>> addons/database-backup-and-maintenance.sh >>> >>> Regards >>> >>> Fabrice >>> >>> >>> >>> >>> Le 2018-05-23 à 11:01, Jeimerson C. Chaves via PacketFence-users a écrit >>> : >>>> >>>> Hello, >>>> >>>> How can I do a backup of the database and the files? What are in / root >>>> / >>>> backup >>>> I'm using clustered. >>>> >>>> Thank you very much. >>>> >>>> >>>> Com os melhores cumprimentos. >>>> >>>> Jeimerson Chaves >>>> >>>> Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros >>>> informáticos com ele transmitidos são confidenciais, podem conter >>>> informação privilegiada e destinam-se ao conhecimento e uso exclusivo >>>> da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos >>>> mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, >>>> queira informar de imediato o remetente e proceder à destruição da >>>> mensagem e de eventuais cópias. >>>> >>>> Confidentiality Warning: This e-mail and any files transmitted with it >>>> are confidential and may be privileged and are intended solely for the >>>> use of the individual or entity to whom they are addressed. Their >>>> contents may not be altered. lf you are not the intended recipient of >>>> this communication please notify the sender and delete and destroy all >>>> copies immediately. >>>> >>>> >>>> >>>> -- >>>> Check out the vibrant tech community on one of the world's most >>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>>> ___ >>>> PacketFence-users mailing list >>>> PacketFence-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> >>> -- >>> Fabrice Durand >>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca >&